Re: [libvirt] [PATCH] ESX: Don't automatically follow redirects.

2009/10/28 Daniel P. Berrange <berrange(a)redhat.com&gt;: > On Wed, Oct 28, 2009 at 09:12:06PM +0100, Matthias Bolte wrote: >> The default transport for the VI API is HTTPS. If the server redirects >> from HTTPS to HTTP the driver would silently follow that redirection. >> The user assumes to communicate with the server over a secure transport >> but isn't. > > Good catch, this is definitely something we don't want to happen. > >> This patch disables automatical redirection following. The driver reports >> an error if the server tries to redirect. > > Is the user likely to hit any redirects in the real world, or is this > just an edge case. If they're likely to hit redirects, then we might > want to allow a redirect if it points to another paths on the same > server as the original URI, and is using HTTPS. > > Daniel As far as I can tell it's an edge case. The available transports can be configured on the ESX server. Default is HTTPS-only, but you can configure it to use HTTPS+HTTP or HTTP-only. The ESX server redirects you to the other protocol if you try to access it via a disabled one. I'm not aware of any other situation that results in a redirect. Matthias